CVE-2025-2265 Information

Description

The password of a web user in \Sante PACS Server.exe\ is zero-padded to 0x2000 bytes SHA1-hashed base64-encoded and stored in the USER table in the SQLite database HTTP.db. However the number of hash bytes encoded and stored is truncated if the hash contains a zero byte

Reference

https://www.tenable.com/security/research/tra-2025-08